iptables won't work for this because the info in question is in the HTTP headers being sent to the server from your box... the most common approach i know of to deal with these "information disclosure" issues is to use a proxy server to filter (or edit) your HTTP headers...
privoxy is specially-made for situations like this, but even a generic proxy like squid can be configured to control HTTP headers (look into the header_access options)... for example:
Code:
acl example_name dstdomain .example.com
header_access User-Agent deny example_name
the above in squid would prevent the User-Agent HTTP header from being sent to anywhere in the example.com domain... you can, of course, make it stop for all connections also, with something like:
Code:
header_access User-Agent deny all
usually it takes a little bit of time for you to find the best amount of header filtering for you... oh, and here's an example of how to edit a header:
Code:
header_replace User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041202 Firefox/1.0
when this is used with the previous .example.com example, the header will be replaced instead of just filtered...
sometimes you'll HAVE to edit a header instead of filtering it because a server you want to use won't let you work without the header... well, at least that's been my experience... =)
NOTE: my suggestion only addresses points #2, #3, and #4 - to address point #1 you'd need to add software such as Tor (as mentioned by unSpawn) into the mix...
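
A way to check which headers actually reach a server once the proxy rules above are in place, as an added example that is not part of the original post: a small echo server you run on a host you control, plus an audit of what it received. The function names, the test User-Agent string and the proxy URL are assumptions made for this sketch.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class EchoHeaders(BaseHTTPRequestHandler):
    """Answer any GET with the request headers this server received, as JSON."""
    def do_GET(self):
        body = json.dumps({k.lower(): v for k, v in self.headers.items()}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass


def start_echo_server(host="127.0.0.1", port=0):
    """Run the echo server in a background thread; port 0 picks a free port."""
    server = HTTPServer((host, port), EchoHeaders)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def headers_seen(url, proxy=None, user_agent="Constructed-Test-Agent/1.0"):
    """Fetch url (optionally via proxy) and return the headers the server received."""
    handler = urllib.request.ProxyHandler({"http": proxy} if proxy else {})
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.build_opener(handler).open(req, timeout=5) as resp:
        return json.load(resp)


def audit(seen, forbidden=(), expected=None):
    """List problems: forbidden headers that arrived, expected values that differ."""
    problems = [f"{h} leaked: {seen[h.lower()]}" for h in forbidden if h.lower() in seen]
    for name, want in (expected or {}).items():
        if seen.get(name.lower()) != want:
            problems.append(f"{name} is {seen.get(name.lower())!r}, expected {want!r}")
    return problems


if __name__ == "__main__":
    srv = start_echo_server()
    url = f"http://127.0.0.1:{srv.server_address[1]}/"
    print(audit(headers_seen(url), forbidden=["User-Agent"]))  # no proxy: header arrives
    srv.shutdown()
```

To test a filtering rule, pass the proxy address (for example `proxy="http://127.0.0.1:3128"` if squid listens on its default port) and use `forbidden=["User-Agent"]`; to test a replacement rule, pass the replacement string in `expected`. The echo server's host has to be one the rule applies to, so either use the `deny all` form or add that host to the acl.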